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Listing of the Claims: 

1 . (Currently Amended) In a computer system, a method comprising: 
receiving information indicative of a possible change to a protected file; and 
determining whether the change is valid by verifying the file, the verifying 

performed bv a verification mechanism, and if not valid, preventing the change. 

2. (Original) The method of claim 1 wherein receiving information 
indicative of a possible change includes receiving notification indicative of a change 
to a protected file. 

3. (Original) The method of claim 1 wherein receiving information 
indicative of a possible change includes receiving notification of a change to a file, 
and accessing information to determine whether the file is protected. 

4. (Original) The method of claim 1 wherein preventing the change 
includes overwriting a changed copy of the file with a valid copy of the protected 
file. 

5. (Original) The method of claim 1 wherein preventing the change 
includes discarding change data. 

6. (Original) The method of claim 1 wherein determining whether the 
change is valid by verifying the file includes obtaining cryptographic hash 
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information of the changed file and comparing the cryptographic hash information 
against cryptographic hash information associated with the protected file. 

7. (Original) The method of claim 6 wherein comparing the 
cryptographic hash information includes accessing a catalog of information for 
protected files. 

8. (Original) The method of claim 1 wherein determining whether the 
change is valid includes determining whether the file includes a signature. 

9. (Original) The method of claim 1 further comprising, monitoring files 
in a file system. 

10. (Original) The method of claim 1 wherein preventing the change 
includes copying a valid copy of the protected file to a former location of the 
protected file. 

1 1 . (Original) The method of claim 10 wherein copying a valid copy of 
the protected file includes finding a file having the same identity as the protected 
file. 

12. (Original) The method of claim 1 1 wherein finding the file having the 
same identity as the protected file includes accessing a cache. 
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1 3. (Original) The method of claim 1 2 further comprising verifying the file 
having the same identity. 

14. (Original) The method of claim 1 1 wherein finding the file having the 
same identity as the protected file includes accessing a network. 

1 5. (Original) The method of claim 14 further comprising verifying the file 
having the same identity. 

16. (Original) The method of claim 15 wherein finding the file having the 
same identity as the protected file includes accessing a recorded medium. 

17. (Original) The method of claim 16 further comprising verifying the file 
having the same identity. 

18. (Original) The method of claim 1 wherein preventing the change 
includes discarding change data and returning a success to a component. 

19. (Original) The method of claim 1 further comprising receiving 
information indicating that a protected file is about to be changed, preserving a 
copy of the protected file, and wherein preventing the change includes overwriting 
a changed copy of the file with a copy of the protected file that was preserved. 
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20. (Currently Amended) A computer-readable medium having 
computer-executable instructions, comprising: 

(1) selecting a plurality of files as protected files; 

(2) receiving information indicative of a possible change to a protected file; 

and 

(3) determining whether the file is an exception case, and 

(a) if an exception case, allowing the change, or 

(b) if not an exception case, determining whether the change is valid 
by verifying the file, the verifying performed bv a verification mechanism, and 

(i) if valid, allowing the change; and 

(ii) if not valid, preventing the change. 

21 . (Original) The computer-readable medium of claim 20 wherein 
receiving information indicative of a possible change includes receiving notification 
indicative of a change to a protected file. 

22. (Original) The computer-readable medium of claim 20 wherein 
receiving information indicative of a possible change includes receiving notification 
of a change to a file, and accessing information to determine whether the file is 
protected. 
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23. (Original) The computer-readable medium of claim 20 wherein 



preventing the change includes overwriting a changed copy of the file with a valid 
copy of the protected file. 

24. (Original) The computer-readable medium of claim 20 wherein 
preventing the change includes discarding change data. 

25. (Original) The computer-readable medium of claim 20 further 
comprising returning information indicative of a success. 

26. (Original) The computer-readable medium of claim 20 wherein 
allowing the change includes writing data saved via a copy-on-write process to the 



27. (Original) The computer-readable medium of claim 20 wherein 
determining whether the file is an exception case includes checking a security 
descriptor of the file. 

28. (Original) The computer-readable medium of claim 20 further 
comprising providing a prompt before allowing a change. 

29. (Original) The computer-readable medium of claim 20 wherein 
determining whether the change is valid includes obtaining cryptographic hash 



file. 
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information of the changed file, and comparing the cryptographic hash information 
against cryptographic hash information associated with the protected file. 

30. (Original) The computer-readable medium of claim 20 wherein 
determining whether the change is valid includes determining whether the file 
includes a signature. 

31 . (Original) A computer system, comprising, 
a protected file, 

a detection mechanism configured to determine when the protected file may 
be changed, 

a verification mechanism; and 

a file protection service, the file protection service configured to receive a 
determination from the detection mechanism that the protected file may be 
changed, and further configured to communicate with the verification mechanism to 
verify whether the change is valid, and to prevent the change when the change is 
not valid. 

32. (Original) The computer system of claim 31 wherein the detection 
mechanism includes a mechanism for monitoring at least one directory for changes 
to at least one file therein. 
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33. (Original) The computer system of claim 31 wherein the detection 
mechanism provides a notification to the file protection service as the determination 
mechanism that the protected file may be changed. 

34. (Original) The computer system of claim 31 wherein the file 
protection service accesses a data structure to determine whether the notification 
received from the detection mechanism corresponds to a protected file. 

35. (Original) The computer system of claim 31 wherein the file 
protection service is incorporated into a file system. 

36. (Original) The computer system of claim 31 wherein the file 
protection service prevents the change by discarding changed data. 

37. (Original) The computer system of claim 36 wherein the file 
protection service returns information indicative of a success. 

38. (Original) The computer system of claim 31 wherein the verification 
mechanism verifies whether the change to a file is valid by comparing a 
cryptographic hash of the file contents against a cryptographic hash associated 
with a valid file. 
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39. (Original) The computer system of claim 38 wherein the 
cryptographic hash associated with a valid file is maintained in a data structure 
including a cryptographic hash of the contents of at least one other protected file. 

40. (Original) The computer system of claim 31 wherein the file 
protection service prevents the change by copying valid data over changed data. 

41 . (Original) The computer system of claim 40 wherein the file 
protection service locates valid data in a system cache. 

42. (Original) The computer system of claim 40 wherein the file 
protection service locates valid data at a network share. 

43. (Original) The computer system of claim 40 wherein the file 
protection service locates valid data in a recorded medium. 

44. (Original) The computer system of claim 40 wherein the file 
protection service locates valid data in a preserved location. 

45. (Original) The computer system of claim 31 further comprising a 
scanning mechanism for causing a plurality of files to trigger the detection 
mechanism. 
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